Symantec 10268947 User Guide - Page 85
Detection Methods, About detection
UPC - 037648243766
Chapter 7
Detection Methods

This chapter includes the following topics:
■ About detection
■ About sensor detection
■ About port mapping
■ About signature detection
■ About refinement rules

About detection

In addition to the ability to start detection immediately using protection policies, Symantec Network Security also provides the tools to fine-tune the detection to a particular environment using sensor parameters and port mappings, and to enhance the detection using user-defined signatures. Symantec Network Security can run multiple detection methods concurrently, including protocol anomaly detection, signatures, IP traffic rate monitoring, IDS evasion detection, and IP fragment reassembly.

The Symantec Network Security software and the Symantec Network Security 7100 Series appliance employ a common core architecture that provides detection, analysis, storage, and response functionality. Most procedures in this section apply to both the 7100 Series appliance and the Symantec Network Security 4.0 software. The 7100 Series appliance also provides additional functionality that is unique to an appliance. Each section describes this additional functionality in detail.

■ Protocol anomaly detection
Symantec Network Security provides a way to tune the sensors to look for particular types of anomalies and signatures on a port by reconfiguring the default port mapping, or adding new mappings. For example, mappings can be